A vulnerability, which was classified as problematic, has been found in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross-site scripting.
This vulnerability is cataloged as CVE-2026-4616. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability classified as critical was found in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to SQL injection.
This vulnerability is listed as CVE-2026-4615. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability classified as critical has been found in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subject_code causes SQL injection.
This vulnerability is tracked as CVE-2026-4614. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability described as critical has been identified in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in SQL injection.
This vulnerability is identified as CVE-2026-4613. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability marked as critical has been reported in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to SQL injection.
This vulnerability is referenced as CVE-2026-4612. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability labeled as critical has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to OS command injection.
The identification of this vulnerability is CVE-2026-4611. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in Tenda AC21 16.03.08.16. It has been rated as critical. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow.
This vulnerability is identified as CVE-2026-4565. The attack can be initiated remotely. Additionally, an exploit exists.
A vulnerability categorized as critical has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow.
This vulnerability is tracked as CVE-2026-4566. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability labeled as critical has been found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in SQL injection.
This vulnerability is cataloged as CVE-2026-4568. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability marked as critical has been reported in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes SQL injection.
This vulnerability is registered as CVE-2026-4569. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability identified as critical has been detected in GeoVision GV-Edge Recording Manager up to 2.3.1. Affected by this vulnerability is an unknown functionality of the component Windows Service. Performing a manipulation results in execution with unnecessary privileges.
This vulnerability was named CVE-2026-4606. The attack requires local access. There is no available exploit.
You should upgrade the affected component.
A vulnerability identified as critical has been detected in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow.
This vulnerability is listed as CVE-2026-4567. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability described as critical has been identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to SQL injection.
This vulnerability is documented as CVE-2026-4570. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability classified as critical has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in SQL injection.
This vulnerability is reported as CVE-2026-4571. The attack can be carried out remotely. Moreover, an exploit is present.